If I may change the topic for a moment ...
I'm working on some stuff for ICANN to help people get EAI mail working.
One of the underspecified bits of EAI is how authentication works with
SPF, DKIM, DMARC and now, I suppose ARC. There's a bunch of places where
one needs to make arbitrary
Mark Delany most definitely wrote:
> Did the claimants vacuum up the IP of the now defunct Goodmail? Reads
> somewhat similar to what they were once trying to sell. Particularly
> the "contractual" obligations of the senders.
Goodmail indeed sold its patent portfolio, but none of the three
On Tue, Dec 5, 2017 at 2:52 PM, Pawel Lesnikowski
wrote:
>
> DKIM works as expected, but as you said it may re-enforce an incorrect
> assumption that email is from respected source.
>
>
Only if it's abused by saying "DKIM signature verified, it's safe!" rather
than "
I disagree that it's specifically a DMARC issue, because from that I infer
that you think DMARC is at fault here, i.e., that you expected it to deal
with this.
On Tue, Dec 5, 2017 at 1:44 PM, Steve Atkins
wrote:
> That's DMARC working exactly as designed but not as
On 12/5/2017 1:44 PM, Steve Atkins wrote:
That's DMARC working exactly as designed but not as commonly understood, which
makes it a DMARC issue (though a usability one of unmet expectations rather
than anything technical).
probably not.
it's an anti-abuse issue, where there is quite a bit
On 06/12/17 08:33, Mark Delany wrote:
On 06Dec17, Suresh Ramasubramanian allegedly wrote:
The pledge idea isn???t terribly novel either
Anne Mitchell used a habeas haiku
Gosh. The Haiku. How could I have possibly forgotten that beauty! But,
if you really want to intimidate spammers with
Works for me. I could never look anything but ridiculous though .. 6 ft 40ish
potbellied indian guy sticking his tongue out and trying to look like a scary
Maori warrior, nope.
--srs
> On 06-Dec-2017, at 6:03 AM, Mark Delany wrote:
>
> Gosh. The Haiku. How could I
On 06Dec17, Suresh Ramasubramanian allegedly wrote:
> The pledge idea isn???t terribly novel either
>
> Anne Mitchell used a habeas haiku
Gosh. The Haiku. How could I have possibly forgotten that beauty! But,
if you really want to intimidate spammers with poetry I recommend the
very effective
The pledge idea isn’t terribly novel either
Anne Mitchell used a habeas haiku and then contract law to enforce that any
email with that haiku in the headers had to be complaint with anti Spam best
practices or would get sued.
--srs
> On 06-Dec-2017, at 2:20 AM, Mark Delany
On 12/05/2017 03:52 PM, Pawel Lesnikowski wrote:
encoded-words are simply not permitted inside email addresses. MUA
shouldn't attempt to decode this at all.
Perhaps they shouldn't attempt to decode it per say.
I think they should attempt to detect the presence of invalid characters
and act
>
>
>> What is "naive" or "incorrect" about the following decoding?
>
> po...@whitehouse.govpo...@whitehouse.gov@mailsploit.com
>
> "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=" quite literally does decode to
> "po...@whitehouse.gov"
>
encoded-words are simply not permitted inside email addresses.
> On Dec 5, 2017, at 2:23 PM, Grant Taylor wrote:
>
> What's worse, no security, or bad / false security?
That's DMARC's motto.
Cheers,
Steve
___
NOTE WELL: This list operates according to
On 12/05/2017 02:24 PM, Pawel Lesnikowski wrote:
I'm not sure if you noticed but it seems many client are affected by
'mailsploit':
https://www.mailsploit.com/index
$ReadingList++
Basically the attacker uses special characters inside encoded words to
spoof the sender:
From:
> On Dec 5, 2017, at 1:36 PM, Dave Crocker wrote:
>
> On 12/5/2017 1:33 PM, Steve Atkins wrote:
>> It's a DMARC issue rather than a DKIM one.
>
>
> How is it a DMARC issue?
From: {spoo-that-expands-to bill...@paypal.com\0}@badpeople.ru will be
delivered and (on some
From:
=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@
mailsploit.com
I'm with Steve, this is overclever in a world where most MUAs just show
you the From: comment.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for
On 12/5/2017 1:33 PM, Steve Atkins wrote:
It's a DMARC issue rather than a DKIM one.
How is it a DMARC issue?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
___
NOTE WELL: This list operates according to
> On Dec 5, 2017, at 1:24 PM, Pawel Lesnikowski
> wrote:
>
> Hi All,
>
> I'm not sure if you noticed but it seems many client are affected by
> 'mailsploit':
> https://www.mailsploit.com/index
>
> Basically the attacker uses special characters inside encoded words
Hi All,
I'm not sure if you noticed but it seems many client are affected by
'mailsploit':
https://www.mailsploit.com/index
Basically the attacker uses special characters inside encoded words to
spoof the sender:
From:
On 12/5/2017 12:50 PM, Mark Delany wrote:
For moral equivalence, the Date: header is a pledge as to when the
email was composed/sent
I've done only two user studies in my life. The first -- for the Rand
system --produced the email command name 'reply'. The second -- for the
DRUMS
On 05Dec17, Steve Atkins allegedly wrote:
>
> I thought this might be of interest to DKIM implementers.
> The Asserted Patents share a common specification.
Did the claimants vacuum up the IP of the now defunct Goodmail? Reads
somewhat similar to what they were once trying to sell. Particularly
I thought this might be of interest to DKIM implementers.
> Begin forwarded message:
>
> From: Laura Atkins
>
> A company called TrueMail is suing the above 3 companies claiming DKIM is an
> infringement of 3 patents they own.
>
> Docs are up:
>
>
21 matches
Mail list logo